Hacking

Computer Sciences
COPYRIGHT 2002 The Gale Group Inc.

Hacking

For years, "hacker" was a positive term that described computer enthusiasts who had a zeal for computer programming. Those who hacked took pride in their ability to write computer programs that stretched the capabilities of computer systems and to find clever solutions to seemingly impossible problems. Although many computer enthusiasts still subscribe to this definition, the everyday usage of the word has changed significantly. Today, "hacking" generally refers to individuals who break into computer systems or use their programming skills or expert knowledge to act maliciously. (Traditional hackers—the good kind—prefer to use the term "cracker" to refer to these individuals.)

Causing a denial of service attack on a web site or network (preventing legitimate users from accessing a web site);

Stealing valuable information such as passwords and credit card data.

A Systematic Process

Although portrayed otherwise in Hollywood films and in television shows, hacking is a systematic, tedious process in which the attacker methodically attempts to locate computer systems, identify their vulnerabilities, and then exploit those vulnerabilities to obtain access. Experts have identified six steps that are generally followed in the hacking process: (1) footprinting (reconnaissance); (2) scanning; (3) enumeration; (4) penetration; (5) advance; and (6) covering tracks.

Footprinting.

The first technique often used by hackers is called footprinting. The objective is to gather information essential to an attack and enable an attacker to obtain a complete profile of an organization's security posture. During this phase, the hacker might gain information about the location of the company, phone numbers, employee names, security policies, and the overall layout of the target network. Often, hackers can perform this work with a simple web browser, a telephone, and a search engine. Unfortunately, humans are often the weakest security link in a corporation. A clever phone call to the technical support department can often compromise critical information: "Hi—this is Bill and I forgot my password. Can you remind me what it is?"

Scanning.

Next, hackers perform scanning to gain a more detailed view of a company's network and to understand what specific computer systems and services are in use. During this phase, the hacker determines which systems on the target network are live and reachable from the Internet. Commonly used scanning techniques include network ping sweeps and port scans. A ping sweep lets the attacker determine which individual computers on the network are alive and potential targets for attack. Port scanning can be used to determine what ports (a port is like a door or window on a house) are open on a given computer, and whether or not the software managing those ports has any obvious vulnerabilities.
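Both scanning techniques leave a characteristic trace in connection logs, which is what an intrusion detection system looks for. The following detector is an added example, not code from the original article; it assumes a simple one-line-per-attempt firewall log format and the thresholds given in the comments, and it runs on a constructed sample log.

```python
# Detection of the two scanning techniques described above (ping sweeps and
# port scans). Added example, not from the original article.
# Assumed log format, one connection attempt per line:
#   <epoch_seconds> <src_ip> <dst_ip> <proto> <dst_port or ->
from collections import defaultdict, deque

WINDOW = 60        # seconds; assumed detection window
SWEEP_HOSTS = 5    # distinct hosts pinged by one source -> ping sweep
SCAN_PORTS = 6     # distinct ports probed on one host by one source -> port scan

# Constructed sample log. 203.0.113.9 probes the 192.0.2.0/24 network
# (both are documentation address ranges); 198.51.100.7 is ordinary traffic.
SAMPLE_LOG = """\
1700000000 203.0.113.9 192.0.2.1 icmp -
1700000000 203.0.113.9 192.0.2.2 icmp -
1700000001 203.0.113.9 192.0.2.3 icmp -
1700000001 203.0.113.9 192.0.2.4 icmp -
1700000002 203.0.113.9 192.0.2.5 icmp -
1700000010 203.0.113.9 192.0.2.3 tcp 21
1700000010 203.0.113.9 192.0.2.3 tcp 22
1700000011 203.0.113.9 192.0.2.3 tcp 23
1700000011 203.0.113.9 192.0.2.3 tcp 80
1700000012 203.0.113.9 192.0.2.3 tcp 139
1700000012 203.0.113.9 192.0.2.3 tcp 443
1700000020 198.51.100.7 192.0.2.3 tcp 443
1700000900 198.51.100.7 192.0.2.3 tcp 443
"""

def parse(log):
    """Return (time, src, dst, proto, port) tuples sorted by time."""
    events = []
    for line in log.splitlines():
        t, src, dst, proto, port = line.split()
        events.append((int(t), src, dst, proto, None if port == "-" else int(port)))
    events.sort(key=lambda e: e[0])
    return events

def detect(log, window=WINDOW):
    """Return a sorted list of (kind, src, target) alerts, one per source/target."""
    recent = defaultdict(deque)   # src -> events seen within the sliding window
    alerts = set()
    for ev in parse(log):
        t, src, dst, proto, port = ev
        q = recent[src]
        q.append(ev)
        while q and q[0][0] < t - window:   # drop events that fell out of the window
            q.popleft()
        pinged = {e[2] for e in q if e[3] == "icmp"}          # ping sweep: many hosts
        if len(pinged) >= SWEEP_HOSTS:
            alerts.add(("ping_sweep", src, "*"))
        ports = {e[4] for e in q if e[2] == dst and e[4] is not None}  # port scan: many ports
        if len(ports) >= SCAN_PORTS:
            alerts.add(("port_scan", src, dst))
    return sorted(alerts)
```

Calling `detect(SAMPLE_LOG)` flags 203.0.113.9 once for the ping sweep and once for the port scan of 192.0.2.3, while the two ordinary connections from 198.51.100.7 produce nothing; the same six ports probed slowly, more than a window apart, would also stay below the threshold.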

Enumeration.

The third phase is the process of identifying user accounts and poorly protected computing resources. During the enumeration stage, the hacker connects to computers in the target network and pokes around these systems to gain more information. While the scanning phase might be compared to a knock on the door or a turn of the doorknob to see if it is locked, enumeration could be compared to entering an office and rifling through a file cabinet or desk drawer for information. It is definitely more intrusive.

Penetration.

During the fourth phase, penetration, the attacker attempts to gain control of one or more systems in the target network. For example, once an attacker has acquired a list of usernames during enumeration, he can usually guess one of the users' passwords and gain more extensive access to that user's account. Alternatively, once the attacker has determined that a target computer is running an old or buggy piece of software or one that is configured improperly, the hacker may attempt to exploit known vulnerabilities with this software to gain control of the system.

Advance.

In the advance phase of hacking, the attacker leverages computers or accounts that have been compromised during penetration to launch additional attacks on the target network. For instance, the attacker can break into more sensitive administrator root accounts, install backdoors or Trojan horse programs, and install network sniffers to gather additional information (for example, passwords) from data flowing over the network.

Covering Tracks.

In the final phase of hacking, the hacker eliminates any records or logs showing his malicious behavior. By deleting log files, disabling system auditing (which would otherwise alert the administrator to malicious activities), and hiding hacking files that the hacker has introduced, he can cover his tracks and avoid detection. Finally, the hacker can install a root kit—a series of programs that replace the existing system software to both cover his tracks and gather new information.
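Deleting or editing log records is hard to detect after the fact unless the log itself is tamper-evident. The following hash-chained audit log is an added example, not code from the original article; the record format is an assumption of the example, and a realistic deployment would also ship the latest hash to a separate log server, since truncating the tail of the chain is not detectable from the log alone.

```python
# Added example (not from the original article): a hash-chained audit log that
# makes the log deletion and editing described above detectable. Each record
# stores the SHA-256 of the previous record, so removing or altering a record
# breaks the chain at that point. The record format is an assumption.
import hashlib

GENESIS = "0" * 64   # previous-hash value of the very first record

def _digest(prev_hash, seq, msg):
    return hashlib.sha256(f"{prev_hash}|{seq}|{msg}".encode()).hexdigest()

def append(log, msg):
    """Append a record to `log` (an in-memory stand-in for a log file)."""
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "msg": msg, "prev": prev, "hash": _digest(prev, seq, msg)})
    return log

def verify(log):
    """Return (ok, index): ok is False at the first record whose chain link is broken.

    A deleted record shows up as a seq gap or prev-hash mismatch at the record
    after it; an edited record changes its own hash. A truncated tail cannot be
    detected from the log alone, so the latest hash should also be kept off-host.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev or rec["hash"] != _digest(prev, i, rec["msg"]):
            return False, i
        prev = rec["hash"]
    return True, len(log)

def demo():
    """Constructed sample: three events, then the middle one is removed."""
    log = []
    for m in ["login root from 203.0.113.9", "auditing disabled", "config changed"]:
        append(log, m)
    assert verify(log) == (True, 3)       # intact chain verifies
    tampered = [log[0], log[2]]           # "covering tracks": the audit record is dropped
    return verify(tampered)               # chain breaks at index 1
```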

Recent Attacks, Countermeasures, and Motivations

Since the late 1990s, the number of hacking attacks has grown dramatically. Both private companies such as Microsoft, Yahoo, Amazon.com, Buy.com, and U.S. government entities like the Federal Bureau of Investigation (FBI) and the White House have been targeted by hackers. In the vast majority of incidents, hackers have attempted to either launch denial of service attacks or deface Internet web pages with inappropriate content. However, some of the attacks are far more insidious. In January of 2000, a nineteen-year-old Russian hacker, using the pseudonym Maxim, threatened to publish more than 300,000 customer credit card numbers (obtained by hacking into a popular e-commerce site) if he was not given $100,000 cash. Beyond these highly publicized cases, it is unclear how many corporations have been hacked successfully; however, from all accounts, the number is definitely large and growing.

A number of technologies are available to companies to prevent hacking attacks. The most popular tools are Internet firewalls, anti-virus software, intrusion detection systems, and vulnerability assessment tools. Firewalls are used to set up a virtual wall between the Internet and the company's internal network to repel attackers. Anti-virus software detects and removes computer viruses, worms, and Trojan horses. Intrusion detection systems watch over critical networks and computers looking for suspicious activities, and can alert administrators in the event of an attack. Finally, corporations use vulnerability assessment tools to inventory their computing infrastructure and better understand the existing vulnerabilities.

Contrary to popular belief, most hackers are not international or industrial spies with evil motives and a desire to rule the world; most hackers have a simpler agenda. Among hackers, one of the most frequently cited motivations is that hacking is fun and is like solving a game or a puzzle. Many hackers perceive their activities to be harmless and they do not believe that they are victimizing anyone. In addition, the thrill of doing something illegal or the ability to access data unavailable to the public can be a tempting motivator. The chance to earn recognition from within a hacker group also offers strong incentive for up-and-coming hackers who have yet to gain a reputation. Finally, many hackers justify their actions by explaining that they are doing a service for other computer users by identifying new security holes.

Judicial, Criminal, and Civil Implications of Hacking

The following federal statutes offer computer crime and hacking protection:

As this list suggests, there is a substantial body of statutory law that applies directly to computer crime and hackers. Hacking of government computers, computers that are used by or for the government, and private computers used "in interstate commerce or communications" can be prosecuted under existing statutes. The existing statutory framework also provides for civil liability for unauthorized interception of communications. Finally, federal statutes exist to protect federal records, property, or public money. Consequently, bank records, credit records, and electronic fund transfers are all protected by federal laws.

In recent cases, prosecuted hackers have been incarcerated, sentenced to home detention, and/or ordered to pay restitution. Offenders have been incarcerated for up to two years and some have been ordered to pay thousands of dollars in fines.


Hacking

Gale Encyclopedia of E-Commerce
COPYRIGHT 2002 The Gale Group Inc.

HACKING

During the late 1990s and into the new millennium, hacking became a popular term for the act of breaking in, tampering with, or maliciously destroying private information contained in computer networks. The FBI's Computer Emergency Response Team (CERT) reported 17,672 hacking incidents in 2000, a 79 percent increase over 1999 figures.

EARLY HISTORY

During the 1960s, the word "hacker" grew to prominence describing a person with strong computer skills, an extensive understanding of how computer programs worked, and a driving curiosity about computer systems. Hacking, however, soon became nearly synonymous with illegal activity. While the first incidents of hacking dealt with breaking into phone systems, hackers also began diving into computer systems as technology advanced.

Hacking became increasingly problematic during the 1980s. As a result, the Computer Fraud and Abuse Act was created, imposing more severe punishments for those caught abusing computer systems. In the early 1980s, the Federal Bureau of Investigation (FBI) made one of its first arrests related to hacking. A Milwaukee-based group known as the 414s were accused of breaking into 60 different computer systems including the Memorial Sloan-Kettering Cancer Center and the Los Alamos National Laboratory. Later that decade, the infamous Kevin Mitnick was arrested and sentenced to one year in jail for damaging computers and stealing software. He was arrested again in 1995 for computer fraud and put in jail for hacking Motorola Inc., Sun Microsystems Inc., NEC Corp., and Novell Inc. to steal software, product plans, and data. Mitnick eventually cost the firms a total of roughly $80 million.

As negative publicity surrounding hackers continued to grow, those who considered themselves true hackers—computer programming enthusiasts who pushed computer systems to their limits without malicious intent and followed a hacker code of ethics—grew weary of the media's depiction of hackers. As a result, several hacker groups coined the term "cracker" in 1985 to define a person who broke into computer systems and ignored hacker ethics; the media, however, continued to use the word "hacker." Although most early hackers believed technical information should be freely available to any person, they abided by a code of ethics that looked down upon destroying, moving, or altering information in a way that could cause injury or expense.

AT&T Corp., Griffith Air Force Base, NASA, and the Korean Atomic Research Institute all fell prey to hackers in the early 1990s. Federal World Wide Web sites, including those of the U.S. Department of Justice, the U.S. Air Force, and the CIA, were also attacked by hackers and defaced. During 1995 alone, U.S. Defense Department computers dealt with 250,000 hacker attacks. As technology advanced and business transactions conducted over the Internet increased, malicious hackers became even more destructive. Popular Web sites such as Yahoo!, America Online, eBay, and Amazon.com were hacked, costing millions and leaving online shoppers doubtful about security on these sites; a 16-year-old Canadian boy operating under the name Mafiaboy was arrested for these attacks, as well as for breaking into both Harvard's and Yale's university computer systems. Under the terms of his parole, Mafiaboy was not allowed to use the Internet or go into stores that sold computers, and his computer use was limited to that which was supervised by a teacher at school.

DIFFERENT TYPES OF HACKING ACTIVITY

As the cost of hacking attacks continues to rise, businesses have been forced to increase spending on network security. However, hackers have also developed new skills that allow them to break into more complex systems. Hacking typically involves compromising the security of networks, breaking the security of application software, or creating malicious programs such as viruses.

The most popular forms of network hacking are denial of service (DoS) attacks and mail bombs. DoS attacks are designed to swamp a computer network, causing it to crash. Mail bombs act in a similar fashion, but attack the network's mail servers. When eBay was attacked in February 2000, its Web server was bombarded with fake requests for Web pages, which overloaded the site and caused it to crash. Network hackers also try to break into secure areas to find sensitive data. Once a network is hacked, files can be removed, stolen, or erased. A group of teens in Wichita, Kansas, for example, hacked into AOL and stole credit card numbers that they then used to buy video games.

Application hackers break security on application software—software including word processing and graphics programs—in order to get it for free. One way they gain access to software that requires a serial number for installation is by setting up a serial number generator that will try millions of different combinations until a match is found. Application hackers also sometimes attack the program itself in an attempt to remove certain security features.

Hackers that create viruses, logic bombs, worms, and Trojan horses are involved in perhaps the most malicious hacking activities. A virus is a program that attaches itself to a file in order to replicate, and in doing so can attack and corrupt computer files. It can also cause a computer to crash by consuming all of the computer's resources. For example, e-mail systems were inundated with the "ILOVEYOU" and the "Love Bug" viruses in May of 2000, and the damage to individuals, businesses, and institutions was estimated at roughly $10 billion. Similar to viruses, logic bombs are designed to attack when triggered by a certain event, such as a change in date. Worms attack networks in order to replicate and spread. In July of 2001, a worm named "Code Red" began attacking Microsoft Internet Information Server (IIS) systems. The worm infected servers running Windows NT 4, Windows 2000, Windows XP, and IIS 4.0 and defaced Web sites, leaving the phrase "Welcome to www.worm.com Hacked by Chinese!" Finally, a Trojan horse is a program that appears to do one thing, but really does something else. While a computer system might recognize a Trojan horse as a safe program, upon execution, it can release a virus, worm, or logic bomb.

PREVENTING HACKING ACTIVITY

While preventing all hacking activity is deemed nearly impossible by many computer experts, businesses spend billions on protecting computer networks. According to research group Datamonitor, spending related to network security will increase from $10.6 billion in 2001 to $22.3 billion in 2004.

The most popular method of protection against hacking among personal home computer users is anti-virus software. Companies including McAfee.com Corp. provide anti-virus software that scans a computer's hard drive for infected material, alerting customers when bad files are found. Firewalls, typically used for computer networks, have also become popular with home users, particularly those who use continual online connections such as cable modems and digital subscriber lines. Firewalls act as a deterrent to hacking by protecting private networks from the public, thus keeping most outsiders from tampering with computer systems.

Other software options—mainly used to protect larger computer systems—include Intrusion Detection Systems (IDS), content filtering software, sand-boxing software, and behavior analysis software. IDS is considered one of the best protection methods for large networks. With an IDS in place, system administrators can monitor network requests and detect large-scale malicious attacks. Content filtering software is advanced antivirus software that reads compressed files and allows IT managers to set specific filtering parameters to block threatening email. Sand-boxing software protects against malicious code: it creates a protected space within a computer where suspicious code can run before it has a chance to interact with the main operating system. Still in its infancy in 2001, behavior analysis software protects computer systems by monitoring entire networks and checking every command of all operations.

Unfortunately, many malicious hackers eye security systems not as a deterrent but as a mere obstacle to overcome. However, as long as hacking attacks persist, both individuals and businesses will continue to invest in programs and software designed to protect systems from unwanted visitors.